Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1542612

Summary: A route with host 'localhost' can freeze router reloads under some circumstances
Product: OpenShift Container Platform Reporter: Sergi Jimenez Romero <sjr>
Component: NetworkingAssignee: Ben Bennett <bbennett>
Networking sub component: router QA Contact: zhaozhanqi <zzhao>
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: medium CC: aos-bugs, bmeng, erich
Version: 3.6.0   
Target Milestone: ---   
Target Release: 3.9.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: A user can set a hostname to localhost, which confuses the router check to see if the reload completed. Consequence: The reload never returns success causing the router to fail. Fix: Change the health check so that it does not pass hostname 'localhost'. Result: Router reloads successfully.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2018-03-28 14:26:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sergi Jimenez Romero 2018-02-06 16:26:25 UTC 
Description of problem:
We have found out that creating a route with host 'localhost' can freeze subsequent router reloads IF AND ONLY IF the environment variable ROUTER_USE_PROXY_PROTOCOL is not set.

Version-Release number of selected component (if applicable):
v3.6.173.0.96

How reproducible:
always if ROUTER_USE_PROXY_PROTOCOL is not set

Steps to Reproduce:
- Ensure your router does not have ROUTER_USE_PROXY_PROTOCOL environment variable set
- Create a route with 'localhost' hostname that can be admitted on routers. For instance, the one issued by this command: oc create route edge localhost-route --hostname=localhost --service=internetcheck --insecure-policy=Allow
- Try to create/delete other routes so that a reload is forced. You will see errors and reloads will fail.

Actual results:

Errors seen at logs are like the following:

E0131 16:00:58.114791       1 ratelimiter.go:52] error reloading router: exit status 1
[WARNING] 030/160028 (360) : parsing [/var/lib/haproxy/conf/haproxy.config:35] : 'option httplog' not usable with frontend 'public_ssl' (needs 'mode http'). Falling back to 'option tcplog'.
 - Checking http://localhost:2080 ...
 - Exceeded max wait time (30) in health check - 58 retry attempt(s).

Expected results:
Something (safety checks?) to prevent this situation from happening.

Additional info:
Comment 3 openshift-github-bot 2018-02-09 03:57:35 UTC 
Commits pushed to master at https://github.com/openshift/origin

https://github.com/openshift/origin/commit/14191dfb9e6ce1d44e30b270b4b02db99fd5883f
Change the haproxy reload detection to tolerate routes named localhost

This changes the reload-haproxy script to explicitly pass no hostname in the http headers so that if a route is created named 'localhost' the reload does not match that route.

Fixes bug 1542612 (https://bugzilla.redhat.com/show_bug.cgi?id=1542612)

https://github.com/openshift/origin/commit/e040f08fd5f3aaf3fb5a7364a38699764e244823
Merge pull request #18539 from knobunc/bug/bz1542612-fix-reload-detection

Automatic merge from submit-queue (batch tested with PRs 18423, 18255, 18526, 18539, 18509).

Change the haproxy reload detection to tolerate routes named localhost

This changes the reload-haproxy script to explicitly pass no hostname in the http headers so that if a route is created named 'localhost' the reload does not match that route.

Fixes bug 1542612 (https://bugzilla.redhat.com/show_bug.cgi?id=1542612)
Comment 5 zhaozhanqi 2018-02-22 08:25:02 UTC 
Verified this bug on v3.9.0-0.47.0

steps:

1. oc create route edge localhost-route --hostname=localhost --service=service-unsecure --insecure-policy=Allow

2.  oc create route edge test --service=service-unsecure

3. oc delete route test

4. check the router logs
Comment 8 errata-xmlrpc 2018-03-28 14:26:32 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0489